Firebase - Deleting and Reinstalling App Does Not Un-Authenticate a User

Firebase - Deleting and reinstalling app does not un-authenticate a user

The Firebase authentication session is persisted on the user's device in the iOS keychain. The keychain data for the application is not removed when the application is uninstalled.

If you're looking to manually clear the data, you can store some additional metadata along with your application and manually call FirebaseRef.unauth() to clear the persisted session. See #4747404: Delete keychain items when an app is uninstalled for an additional reference.

Firebase keep me logged in even if I reinstall the app

  • This is not an iOS problem.
  • The reality is that if we keep things inside the keychain, they can be accessed again after the app is reinstalled. So if you want to maintain a login session, don't use the logic provided by Firebase, which will behave the same way.
  • Use UserDefaults to keep a bool value to check if the user is logged in.
  • By doing this you will face no problem even if the app is reinstalled.
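
The two answers above both rely on the same fact: UserDefaults is wiped on uninstall while the keychain is not. The following is an added example, not code from either answer or from Firebase, that uses a UserDefaults flag to detect the first launch of a fresh install and clear the session left in the keychain. It assumes the current FirebaseAuth SDK, so `Auth.auth().signOut()` stands in for the legacy `FirebaseRef.unauth()`; `FreshInstallGuard` and the key name are hypothetical.

```swift
import UIKit
import FirebaseCore
import FirebaseAuth

/// Hypothetical helper, not part of the Firebase SDK.
enum FreshInstallGuard {
    /// Assumed key name; any app-private UserDefaults key works.
    static let launchedKey = "hasLaunchedBefore"

    /// Returns true when a session left over from an earlier install was cleared.
    @discardableResult
    static func clearLeftoverSession(defaults: UserDefaults = .standard,
                                     auth: Auth = Auth.auth()) -> Bool {
        // UserDefaults is deleted with the app, the keychain entry is not, so a
        // missing flag means this is the first launch of this install.
        guard !defaults.bool(forKey: launchedKey) else { return false }

        let hadUser = auth.currentUser != nil
        do {
            // Removes the persisted user; succeeds as a no-op when none exists.
            try auth.signOut()
        } catch {
            // Flag stays unset so the next launch retries the sign-out.
            NSLog("Clearing leftover Firebase session failed: %@", "\(error)")
            return false
        }
        defaults.set(true, forKey: launchedKey)
        return hadUser
    }
}

@main
final class AppDelegate: UIResponder, UIApplicationDelegate {
    func application(
        _ application: UIApplication,
        didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]? = nil
    ) -> Bool {
        FirebaseApp.configure()   // must run before Auth.auth() is first used
        FreshInstallGuard.clearLeftoverSession()
        return true
    }
}
```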

Firebase Authentication returning specific user when app is uninstalled and Installed again

From the docs:

When a user signs up or signs in, that user becomes the current user of the Auth instance. The Firebase Auth instance persists the user's state, so that refreshing the page (in a browser) or restarting the application doesn't lose the user's information.

When the user signs out, the Auth instance stops keeping a reference to the User object and no longer persists its state; there is no current user. However, the user instance continues to be completely functional: if you keep a reference to it, you can still access and update the user's data.

So to solve this, the best way is to create a button and sign out the user. That way that user won't be logged in when you restart the application.

FirebaseAuth.getInstance().signOut();

More info here: https://firebase.google.com/docs/auth/users

Also, this question is related to iOS (but same idea): Firebase - Deleting and reinstalling app does not un-authenticate a user

Some other alternatives also:

Adding android:allowBackup="false" in your <application> in the manifest.

android:allowBackup

Whether to allow the application to participate in the backup and restore infrastructure. If this attribute is set to false, no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb. The default value of this attribute is true.

Do this as a Test:

  1. Delete Cache and Data
  2. Login with User Y and Logout
  3. Login with User X and Logout
  4. Uninstall the application
  5. Install the application and log in with user X.

It is important to have FirebaseAuth.getInstance().signOut(); when logging out.

Deleted Firebase User still can authenticate

How long did you wait after reinstalling the app? If you reinstalled the app shortly after uninstalling it, this is the expected behavior on iOS.

The reason for this is manifold, so I'll list a few bits of how Firebase Authentication works below:

  1. Firebase Authentication uses two tokens to authenticate the user, a long-lived refresh token, and a short-lived ID token.

  2. The ID token is valid for one hour from when it is minted. Once minted, an ID token can't be revoked, which is why Firebase doesn't have to perform an expensive extra check on every interaction.

  3. The ID token is persisted on the device, so that restarting the app can quickly pick up the user's authentication state, as long as the token has not expired.

  4. On iOS the ID token is stored in the user's keychain, which is not automatically deleted when you delete an app. See Firebase - Deleting and reinstalling app does not un-authenticate a user

Give it another hour or so, and you should see that the user is no longer authenticated. Alternatively, don't delete the user account, but disable it both in Firebase Authentication and in the back-end service that you're using. For an example of this see Firebase still retrieving authData after deletion and five tips to secure your app.
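
A client-side check that follows from the token behaviour described above, as an added example that is not part of the original answer: instead of waiting for the cached ID token to expire, the app forces a refresh at launch and signs out locally when the server refuses to mint a new token. `validatePersistedSession` is a hypothetical name, and treating other errors as transient is an assumption of this sketch.

```swift
import Foundation
import FirebaseAuth

/// Hypothetical helper, not part of the Firebase SDK: exchanges the refresh
/// token for a new ID token and drops the local session if the server refuses.
func validatePersistedSession(auth: Auth = Auth.auth(),
                              completion: @escaping (_ stillValid: Bool) -> Void) {
    guard let user = auth.currentUser else {
        completion(false)            // nothing persisted, nothing to validate
        return
    }
    // forceRefresh = true bypasses the cached ID token (valid for up to an
    // hour) and goes to the server with the refresh token.
    user.getIDTokenForcingRefresh(true) { _, error in
        guard let error = error as NSError? else {
            completion(true)         // server minted a new ID token
            return
        }
        // Codes that mean the account or its refresh token is no longer usable.
        let fatal: Set<Int> = [
            AuthErrorCode.userNotFound.rawValue,
            AuthErrorCode.userDisabled.rawValue,
            AuthErrorCode.userTokenExpired.rawValue,
            AuthErrorCode.invalidUserToken.rawValue,
        ]
        if fatal.contains(error.code) {
            try? auth.signOut()      // remove the keychain copy of the session
            completion(false)
        } else {
            // Assumption: anything else (e.g. no network) is transient, so the
            // session is kept and the check is retried on a later launch.
            completion(true)
        }
    }
}
```

This only cleans up the client; a back-end that accepts ID tokens still has to reject deleted or disabled accounts on its own side, as the answer recommends.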

Android, Firebase Auth, user session still exists when user deletes and reinstall app

Firebase support answered me, and yes, Firebase tries to keep some data even if the application is deleted.

In order to clear data when deleting, I needed to disable backups in my application's manifest, in application:

android:allowBackup="false"
android:fullBackupContent="false"

Why FirebaseAuth currentUser() is kept after uninstall the app?

That happens because data will persist anyways offline in some cases regardless of the app being deleted or not, and thus, your previous Firebase user.

Referring to this answer:

It's because Android 6 has automatic backup. You need to tune
android:allowBackup and android:fullBackupContent in your manifest
tag if you don't want your data backed up or if you want
to include or exclude some resources. It's not a bug.

So basically, add android:allowBackup="false" and android:fullBackupContent="false" in manifest.xml and you should be fine.
